1. Field of the Invention
The present invention generally relates to a system and method for securing the entry of data to a device.
2. Description of the Related Art
Conventional devices into which passwords are entered, and especially devices where passwords are entered into a display such as smartphones, ATMs, etc., have many characteristics which make passwords and other authentication data vulnerable when being entered.
For instance, the smartphone may reveal each character on the display for a second or two during entry. Additionally, when a key is pressed on the screen of a smartphone the user is often given a visible cue indicating that the particular character has been pressed. The visible cue can take many possible forms such as a magnification of the character on the keypad, changing the color of the character on the keypad, movement of the character selected, etc. These visible indications of which characters are being entered can enable someone to steal the password by simply reading the password as it is entered.
In addition, on a smartphone the displayed keyboard normally has significantly fewer keys than a conventional keyboard. Therefore, entry of the characters on the on-screen keypad divulges possible character positions. For example, with a simplified keyboard it is not difficult to determine which character has been pressed by observing the operator's hands and location on the display, which the operator presses. Further compounding this problem is that the keypad displayed may vary depending on the character type being entered. Such a feature can reveal when the user types a number, lowercase or uppercase character, symbol, etc, further increasing the ability of an onlooker to judge which character is being entered.
Even when the actual entering of the password is not observed, the security of the password may still be degraded by residual marks left on the screen by the operator (e.g., “fingerprints”). Such fingerprints may reveal the password information entered by the location of the keys pressed or the path of a finger as it moved on the screen.
The environment in which a password is entered may further amplify the password's vulnerability to detection. Such environmental factors may be anything from a reflective surface to aid an on-looker, to security cameras, which record the password as it is entered, etc.
All of these issues weaken the security provided by a password entered into a device such as a smartphone, ATM, etc.
Therefore, it is insecure (i.e., non-secure) to enter passwords onto a smartphone. As a result, a smartphone, or other display device, is rendered insecure which makes the smartphone undesirable to use in accessing sensitive data.
While the above problems have been described in terms of a smart phone, the basic problem also applies everything from tablets, laptops, computer keyboards, ATMs, etc., or any device where a code is manually entered.